In-band identity verification and man-in-the-middle defense
First Claim
Patent Images
1. A method, comprising:
- receiving, at a local device, a verification request from a remote user in conjunction with a contact made by the remote user with a local user, wherein the verification request includes a request for a representation of a cryptographic hash value of a cryptographic key of the local user;
in response to a confirmation received from the local user of the local device, initiating a verification process, wherein the verification process includes capturing audiovisual content by the local device and the audiovisual content includes the representation of the cryptographic hash value; and
transmitting a result of the verification process to the remote user.
4 Assignments
0 Petitions
Accused Products
Abstract
A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.
21 Citations
18 Claims
-
1. A method, comprising:
-
receiving, at a local device, a verification request from a remote user in conjunction with a contact made by the remote user with a local user, wherein the verification request includes a request for a representation of a cryptographic hash value of a cryptographic key of the local user; in response to a confirmation received from the local user of the local device, initiating a verification process, wherein the verification process includes capturing audiovisual content by the local device and the audiovisual content includes the representation of the cryptographic hash value; and transmitting a result of the verification process to the remote user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method, comprising:
-
receiving at a local device, in conjunction with a contact made by a remote user with a local user, content purporting to establish an identity of the remote user at a remove device, wherein the content includes an audiovisual component that includes a representation of a cryptographic hash value of a cryptographic key of the remote user; displaying, to the local user, the received content; and recording an authentication verdict provided by the local user in conjunction with reviewing the received response, wherein an indication of the verdict is provided to the remote user in a messaging interface. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium comprising instructions that when, executed by at least one hardware processor, perform the steps of, comprising:
-
receiving, at a local device, a verification request from a remote user in conjunction with a contact made by the remote user with a local user, wherein the verification request includes a request for a representation of a cryptographic hash value of a cryptographic key of the local user; in response to a confirmation received from the local user of the local device, initiating a verification process, wherein the verification process includes capturing audiovisual content by the local device and the audiovisual content includes the representation of the cryptographic hash value; and transmitting a result of the verification process to the remote user.
-
-
18. A non-transitory computer-readable medium comprising instructions that when, executed by at least one hardware processor, perform the steps of, comprising:
-
receiving at a local device, in conjunction with a contact made by a remote user with a local user, content purporting to establish an identity of the remote user at a remove device, wherein the content includes an audiovisual component that includes a representation of a cryptographic hash value of a cryptographic key of the remote user; displaying, to the local user, the received content; and recording an authentication verdict provided by the local user in conjunction with reviewing the received response, wherein an indication of the verdict is provided to the remote user in a messaging interface.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeWickr Inc. (Amazon.com, Inc.)
-
Original AssigneeWickr Inc. (Amazon.com, Inc.)
-
InventorsStatica, Robert, Coppa, Kara Lynn, Howell, Christopher A.
-
Primary Examiner(s)Avery, Jeremiah
-
Application NumberUS15/381,052Time in Patent Office222 DaysField of SearchNoneUS Class CurrentCPC Class CodesG06F 21/32 using biometric data, e.g. ...G06F 21/606 by securing the transmissio...G06F 21/6245 Protecting personal data, e...G06F 21/73 by creating or determining ...G06F 2221/2107 File encryptionG06F 2221/2137 Time limited access, e.g. t...G06T 11/60 Editing figures and text; C...G06V 40/1365 Matching; ClassificationH04L 63/0428 wherein the data content is...H04L 63/0442 wherein the sending and rec...H04L 63/061 for key exchange, e.g. in p...H04L 63/062 for key distribution, e.g. ...H04L 63/0861 using biometrical features,...H04L 63/123 received data contents, e.g...H04L 63/126 the source of the received ...H04L 9/0643 Hash functions, e.g. MD5, S...H04L 9/3242 involving keyed hash functi...H04W 12/068 using credential vaults, e....
